Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

About Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400) vulnerability

About Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400) vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successful exploitation could grant an attacker SYSTEM-level privileges. At the time the vulnerability […]

Alexander V. Leonov
Open in Source
#vulnerability#windows#microsoft#git#intel#blog
How and where to report an online scam

Find out where and how victims can report online scams to prevent more victims and possibly recover funds.

Been scammed online? Here’s what to do

Have you been scammed online? Here are some tips to limit the damage and follow up steps you may find useful

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.

The open source paradox: Unpacking risk, equity and acceptance

Open source has always been paradoxical: it's software developed by passionate developers and given away for free, yet it's monetized and funded by some of the largest companies in the world. An underdog, once called "a cancer," and yet it's the single largest driver of innovation and technological progress we have ever seen. In the world of open source, paradox will always exist, but nowhere more so than in the understanding of security vulnerabilities.Twenty-five years ago, the Common Vulnerabilities and Exposures (CVE) program was established to standardize the naming and tracking of softw

Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google

A financially motivated group of hackers known as UNC6040 is using a simple but effective tactic to breach…

Over 20 Malicious Apps on Google Play Target Users for Seed Phrases

Over 20 malicious apps on Google Play are stealing crypto seed phrases by posing as trusted wallets and exchanges, putting users' funds at risk.

The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.

NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals…